Study: Criminal Attacks are the No. 1 Cause of Data Breach in Healthcare

Criminals are going after information on the computer systems of healthcare payers and providers at an unprecedented rate, according to a new report from the Ponemon Institute, a research center that focuses on privacy, data protection and information security.

Ponemon says that data breaches take an annual toll of $6 billion on the healthcare industry. The average economic impact per healthcare organization is $2,134,800.

Ponemon defines a criminal attack as a “deliberate attempt to gain unauthorized access to sensitive information, usually to a computer system or network, resulting in compromised data.” Breaches can result from cyber-attacks, as well as theft of paper files or other criminal activity by people within the healthcare organization.

Because of the sensitive information they contain, medical files and billing and insurance records are top targets of criminals.

“We are seeing a shift in the causes of data breaches in the healthcare industry, with a significant increase in criminal attacks. While employee negligence and lost/stolen devices continue to be primary causes of data breaches, criminal attacks are now the number-one cause,” said Ponemon Institute Chairman and Founder Dr. Larry Ponemon. “Since first conducting this study, healthcare providers are starting to make investments to protect patient information, which need to keep pace with the growing cyber threats.”

Other key findings of the study include:

91% of healthcare organizations have had at least one data breach; 39% have experienced two to five data breaches; 40 percent have had more than five data breaches over the past two years.